How Big Data can make the Internet safer

Nov. 7, 2013
Dan Hubbard is CTO of OpenDNS / OpenDNS

by Dan Hubbard, Special for CyberTruth

(Editor's note: In this guest post, Dan Hubbard, Chief Technology Officer for OpenDNS, outlines how Big Data is destined to make bigger contributions to a safer Internet.)

The growing sophistication of computer malware, especially its ability to morph and assume different forms, is making traditional approaches to security irrelevant. With massive amounts of data and traffic flowing in and out of enterprise networks, it is no longer possible to prevent cyber attacks using signature-based security tools.

Current approaches to security can't keep up with the velocity and variety of today's threats because they are based largely on the manual work of researchers who investigate attacks through reverse engineering, homegrown tools and general hacking.

To protect businesses and their employees from the fire hose volume of nuisance threats like viruses and more damaging advanced attacks like data-stealing Trojans, the industry needs to harness big data techniques to identify, block and remediate threats. So how can we do this?

First, we need to capture a massive amount of data from the internet, which is the source of cyber attacks. To yield the most reliable results, researchers must cast a wide net that is distributed across geographies, sectors, segments, and protocols. Data diversity plays a critical role in our ability to accurately identify attacks.

Next, we must build infrastructures that can collect, store, process and query the massive volumes of data that are contained in Internet traffic streams flowing in and out of company networks. This enables security researchers to search, visualize and extract actionable information on new cyberattacks before they occur. This must be done in a short enough time span to make any intelligence gathered useful and enforceable.

We also need to reconsider the role of the security analyst in a world dominated by Big Data. Instead of manual research into new cyber threats, Big Data security models need to be automated. They must be designed to operate on self-learning algorithms that don't rely on analysis and intervention by humans to identify threats.

Building these advanced self-learning and automated threat detection systems requires a new set of skills and expertise that goes beyond those traditionally associated with information security research. Instead, a Big Data security team needs to be made up of data scientists, IT infrastructure experts, mathematicians and security pros.

Finally, we need to block the cyberthreats uncovered by Big Data security systems. The internet itself, or more precisely the domain name system (DNS) which directs traffic requests, is the ideal enforcement point for security policies.

About the author: Dan Hubbard is a noted information security researcher and Chief Technology Officer for OpenDNS, provider of the cloud delivered Umbrella